Giters

gr00T0x / pyattck

A Python Module to interact with the Mitre ATT&CK Framework

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

pyattck

Documentation Status

.______   ____    ____  ___   .___________.___________.  ______  __  ___ 
|   _  \  \   \  /   / /   \  |           |           | /      ||  |/  / 
|  |_)  |  \   \/   / /  ^  \ `---|  |----`---|  |----`|  ,----'|  '  /  
|   ___/    \_    _/ /  /_\  \    |  |        |  |     |  |     |    <   
|  |          |  |  /  _____  \   |  |        |  |     |  `----.|  .  \  
| _|          |__| /__/     \__\  |__|        |__|      \______||__|\__\

A Python Module to interact with the Mitre ATT&CK Framework

pyattck has the following notable features in it's current release:

  • Retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations

  • All techniques have suggested mitigations as a property

  • For each class you can access additional information about related data points:

  • Actors

    • Tools used by the Actor or Group
    • Malware used by the Actor or Group
    • Techniques this Actor or Group uses

  • Malwares

    • Actor or Group(s) using this malware
    • Techniques this malware is used with

  • Mitigations

    • Techniques related to a specific set of mitigation suggestions

  • Tactics

    • Techniques found in a specific Tactic (phase)

  • Techniques

    • Tactics a technique is found in
    • Mitigation suggestions for a given technique
    • Actor or Group(s) identified as using this technique

  • Tools

    • Techniques that the specified tool is used within
    • Actor or Group(s) using a specified tool

Installation

OS X & Linux:

pip install pyattck

Windows:

pip install pyattck

Usage example

To use pyattck you must instantiate a Attck object:

from pyattck import Attck

attack = Attck()

By default pyattck will pull the latest json from Mitre. If you would like to reference and save a local copy of this json file you can provide a file path when an Attck object is created:

from pyattck import Attck

attack = Attck(local_file_path='/some/local/path')
# Alternatively you can provide a full filename
#attack = Attck(local_file_path='/some/local/path/attck.json')

You can access the following properties on your Attck object:

  • actor
  • malware
  • mitigation
  • tactic
  • technique
  • tools

Below are examples of accessing each of these properties:

from pyattck import Attck

attack = Attck()

# accessing actors
for actor in attack.actors:
    print(actor)
    
    # accessing malware used by an actor or group
    for malware in actor.malwares:
        print(malware)

    # accessing tools used by an actor or group
    for tool in actor.tools:
        print(tool)

    # accessing techniques used by an actor or group
    for technique in actor.techniques:
        print(technique)

# accessing malware
for malware in attack.malwares:
    print(malware)

    # accessing actor or groups using this malware
    for actor in malware.actors:
        print(actor)

    # accessing techniques that this malware is used in
    for technique in malware.techniques:
        print(technique)

# accessing mitigation
for mitigation in attack.mitigations:
    print(mitigation)

    # accessing techniques related to mitigation recommendations
    for technique in mitigation.techniques:
        print(technique)

# accessing tactics
for tactic in attack.tactics:
    print(tactic)

    # accessing techniques related to this tactic
    for technique in tactic.techniques:
        print(technique)

# accessing techniques
for technique in attack.techniques:
    print(technique)

    # accessing tactics that this technique belongs to
    for tactic in technique.tactics:
        print(tactic)

    # accessing mitigation recommendations for this technique
    for mitigation in technique.mitigations:
        print(mitigation)

    # accessing actors using this technique
    for actor in technique.actors:
        print(actor)
    

# accessing tools
for tool in attack.tools:
    print(tool)

    # accessing techniques this tool is used in
    for technique in tool.techniques:
        print(technique)

    # accessing actor or groups using this tool
    for actor in tool.actors:
        print(actor)

Release History

  • 1.0.0
    • Initial release of pyattck to PyPi
  • 1.0.1
    • Updating Documentation with new reference links
  • 1.0.2
    • Updated Documentation
  • 1.0.3
    • Fixed issue with appending techniques correctly
  • 1.0.4
    • Added ability to save a local copy of the downloaded Mitre ATT&CK JSON

Meta

Josh Rickard – @MSAdministratorrickardja@live.com

Distributed under the MIT license. See LICENSE for more information.

Contributing

  1. Fork it (https://github.com/swimlane/pyattck/fork)
  2. Create your feature branch (git checkout -b feature/fooBar)
  3. Commit your changes (git commit -am 'Add some fooBar')
  4. Push to the branch (git push origin feature/fooBar)
  5. Create a new Pull Request

About

A Python Module to interact with the Mitre ATT&CK Framework

License:MIT License

Languages

Language:Python 94.6%Language:Batchfile 2.6%Language:Makefile 1.9%Language:Dockerfile 0.9%